Lucene search
K

4509 matches found

CVE
CVE
added yesterday7 views

CVE-2026-52837

Summary: Easy!Appointments

6.9CVSS6.1AI score
Exploits0References2
EUVD
EUVD
added yesterday5 views

EUVD-2026-43654

DBI::SQL::Nano versions from 1.42 before 1.651 for Perl have inverted = SQL operators on text. DBI::SQL::Nano, DBI's built-in mini-SQL engine, evaluated WHERE predicates incorrectly in some cases. In the non-numeric string branch of the ismatched method, = was evaluated using Perl's le operator...

9.8CVSS6.1AI score0.00184EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday115 views

OpenCode < 1.0.216 - Unauthenticated Remote Code Execution

OpenCode versions prior to 1.0.216 contain an unauthenticated remote code execution vulnerability. The application exposes session and shell execution endpoints without proper authentication, allowing remote attackers to create sessions and execute arbitrary shell commands on the underlying serve...

8.8CVSS7.5AI score0.16955EPSS
Exploits7References2
Nuclei
Nuclei
added yesterday62 views

Cobbler 'XML-RPC' - Authentication Bypass

Cobbler, a Linux installation server that allows for rapid setup of network installation environments, has an improper authentication vulnerability starting in version 3.0.0 and prior to versions 3.2.3 and 3.3.7. utils.getsharedsecret always returns -1, which allows anyone to connect to cobbler...

9.8CVSS7AI score0.03948EPSS
Exploits6References3
Nuclei
Nuclei
added yesterday37 views

Email Subscribers & Newsletters <= 5.3.1 - Authenticated SQL Injection

The Email Subscribers & Newsletters WordPress plugin before 5.3.2 does not correctly escape the order and orderby parameters to the ajaxfetchreportlist action, making it vulnerable to blind SQL injection attacks by users with roles as low as Subscriber. Further, it does not have any CSRF protecti...

8.8CVSS7AI score0.04184EPSS
Exploits3References2
Cvelist
Cvelist
added 2 days ago29 views

CVE-2026-41041 Apache Gravitino: URL path injection via unencoded user-supplied identifiers in MCP REST client f-string URL construction, enabling path traversal to unintended API endpoints.

URL path injection via unencoded user-supplied identifiers vulnerability in Apache Gravitino. This issue affects Apache Gravitino: from 1.0.0 before 1.2.1. Users are recommended to upgrade to version 1.2.1, which fixes the issue...

0.00592EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago30 views

CVE-2026-12081 Database for Contact Form 7, WPforms, Elementor forms < 1.5.2 - Unauthenticated PHP Object Injection via Entry File Field

The Database for Contact Form 7, WPforms, Elementor forms WordPress plugin before 1.5.2 does not restrict the PHP classes allowed when unserializing an attacker-supplied form-field value, allowing unauthenticated users to inject arbitrary PHP objects that are instantiated when an administrator...

0.00139EPSS
Exploits0References1
Debian CVE
Debian CVE
added 4 days ago6 views

CVE-2026-61858

ImageMagick before 7.1.2-26 contains a policy bypass vulnerability in the APNG encoder and external delegates due to missing validation checks. Attackers can write files to disallowed paths by bypassing configured policy restrictions through the APNG encoding process...

4.8CVSS6.1AI score0.00246EPSS
Exploits0
OSV
OSV
added 5 days ago3 views

CVE-2026-55879 OpenReplay: Unauthenticated stored XSS leads to dashboard account takeover

OpenReplay is a self-hosted session replay suite. From 1.24.0 before 1.25.0, the OpenReplay tracking SDK accepts custom event names and captured page URLs from any visitor using a public project key, stores them in ClickHouse without output encoding, and later renders them in the authenticated...

9.3CVSS6.1AI score0.00274EPSS
Exploits0References5
OSV
OSV
added 5 days ago3 views

CVE-2026-55789 Logto: SAML IdP injects user-controlled profile attributes raw into signed assertions, allowing privilege escalation at relying Service Providers

Logto is the modern, open-source auth infrastructure for SaaS and AI apps. Prior to 1.41.0, Logto's self-hosted SAML application IdP built the signed SAML response and assertion by string-substituting user-controlled profile attributes such as name, email, and custom attribute-mapping values into...

8.5CVSS6.2AI score0.00298EPSS
Exploits0References6
CVE
CVE
added 5 days ago12 views

CVE-2026-61492

The provided connected documents identify a concrete vulnerability in JetBrains YouTrack: stored XSS via article titles in digest emails, affecting versions prior to 2026.2.17394. The exact root cause is not detailed beyond this description, and there are no explicit exploit details or remediatio...

6.1CVSS6.1AI score0.0039EPSS
Exploits0References1Affected Software1
OSV
OSV
added 5 days ago1 views

CVE-2026-61444 PraisonAI before 4.6.78 Code Injection via f-string

PraisonAI versions before 4.6.78 contain a code injection vulnerability in deploy/api.py where the agentsfile parameter is directly interpolated into an f-string without sanitization. Attackers can inject arbitrary Python code that executes when the generated server code runs via subprocess.Popen...

9.4CVSS6.2AI score0.00392EPSS
Exploits0References4
Cvelist
Cvelist
added 5 days ago34 views

CVE-2026-54468

Dell Unisphere for PowerMax, versions 10.3.0.5 and prior, contains a path traversal vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability to read arbitrary files...

6.5CVSS0.00295EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 5 days ago6 views

PT-2026-57186

Name of the Vulnerable Software and Affected Versions JetBrains TeamCity versions prior to 2026.1.2 Description Stored Cross-Site Scripting XSS is possible through the unauthenticated agent registration process. Stored XSS occurs when an application receives data from a user and includes that dat...

8.1CVSS6.1AI score0.00199EPSS
Exploits0References5
EUVD
EUVD
added 6 days ago7 views

EUVD-2026-42593

A vulnerability has been identified in CPCI85 Central Processing/Communication All versions V26.20, SICORE Base system All versions V26.20.0. The affected application includes a debugging interface that is accessible through HTTP endpoints. This could allow an authenticated attacker to disrupt th...

7.1CVSS5.9AI score0.0024EPSS
Exploits0References1
EUVD
EUVD
added 6 days ago6 views

EUVD-2026-42574

Access of resource using incompatible type 'type confusion' vulnerability in Samsung Open Source Escargot allows Pointer Manipulation. This issue affects Escargot: before 779f6bedf58f334dec64b0a51ebb724b4708b84a...

6.1CVSS5.9AI score0.00105EPSS
Exploits0References2
CVE
CVE
added 6 days ago135 views

CVE-2026-56291

The CVE-2026-56291 entry concerns the Joomla extension Balbooa Forms, where an unauthenticated arbitrary file upload vulnerability allows uploading executable files and leads to full RCE. Affected version is Balbooa Forms

10CVSS6AI score0.00836EPSS
In wildExploits5References3Affected Software1
Cvelist
Cvelist
added 6 days ago30 views

CVE-2026-58304

Out-of-bounds read, Out-of-bounds write vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: before 779f6bedf58f334dec64b0a51ebb724b4708b84a...

6.1CVSS0.00105EPSS
Exploits0References2
EUVD
EUVD
added 6 days ago10 views

EUVD-2026-42517

Use of a cryptographically weak random number generator in the GenerateRandomPassword function in bosh-windows-stemcell-builder allows a remote attacker to brute-force the resulting SSH login via TCP/22. Affected versions: bosh-windows-stemcell-builder versions prior to v2019.98...

7.7CVSS7.1AI score0.00191EPSS
Exploits0References1
Cvelist
Cvelist
added last week35 views

CVE-2026-15120

Use after free in Core in Google Chrome on Windows prior to 150.0.7871.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

0.00178EPSS
Exploits0References2
Rows per page
Query Builder